For maximum connectivity, customer firewalls, proxies and other network systems must allow access from the various services that comprise the iPass Open Mobile Service. We have two options for our customers to follow, based on the stringency of their security policies. The //Simple// option keeps the number of rules to a minimum by opening up only the required ports, but allows all hosts from the iPass production networks. The //Advanced// option utilizes the same ports, but allows the customer to lock down the firewall to just the hosts that are currently in service. While this works just as well, it requires more rules in your firewalls, and if iPass adds services in the future, you may need to revisit these rules and open more hosts to our service.

+

===== Simple Option =====

+

This option opens up only the necessary TCP ports to two /20 blocks of IP space that are owned and maintained by iPass. TCP ports 80, 443 and 577 must be opened from the following IP blocks in order for the iPass Open Mobile service to function. If you are configuring a device that uses a white-listing format (such as an Access Gateway), you should allow the domains of ''ipass.com'' as well as ''i-pass.com''.